TSA reinstates enrollments for vendor

The Transportation Security Administration has lifted a ban that lasted several days on new enrollments by the largest operator of the agency's Registered Traveler program.

Because Verified Identity Pass recovered a missing laptop PC and improved encryption standards, the company could resume enrolling members in TSA’s Registered Traveler program as of Aug. 11. The company now meets the program’s encryption standards, the agency said in a news release.

TSA, private vendors and airport authorities work as partners to operate the Registered Traveler program. Enrolled travelers pay a fee, supply personal information and undergo a background check. In exchange, they receive expedited service through security checkpoints at 17 airports. Verified Identity Pass said it has enrolled about 200,000 people in the program.

TSA imposed the ban on new enrollments by Verified Identity Pass Aug. 4 after the company reported to authorities of the apparent theft of a laptop from its offices at San Francisco International Airport.

Verified Identity Pass officials said Aug. 5 that the company had recovered the missing computer and turned it over to TSA. The company also said it appeared the data had not been touched. TSA officials said this week that they are forensically examining the computer to determine if anyone accessed the data.

TSA officials also said previously that Verified Identity Pass was not in compliance with requirements to encrypt sensitive personal information on applicants and enrollees. Verified Identity Pass recently took steps to encrypt all enrollment computers and provide a third-party audit.

“TSA has accepted the audit and provided authorization to the sponsoring entities (airports/airlines) to resume enrollment,” the agency said.

The agency said it intends to conduct random audits and conduct a broad review of all Registered Traveler data systems and security to ensure continued compliance.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

A two-year campaign that prompted the Department of Homeland Security to issue its first-ever emergency directive to agencies to shore up cyber defenses appears in part to have been an attempt to spy on U.S. government internet traffic.